Ask Your Question

Wireshark vs KeepSolid VPN - leak or not?

asked 2018-01-18 15:14:04 +0000

laur gravatar image

updated 2018-01-18 15:15:18 +0000

Hello all.

I have used your software to test a VPN service to which I have recently subscribed (Keepsolid VPN Unlimited)

I have run 2 packet capture tests to test the VPN. Both tests were conducted with WireShark on a http only website, with VPN turned ON (KeepSolid Wise TCP Protocol).

I have selected the physical WiFi card first and, as expected, I could see no (readable) data flowing through.

However, when I selected the tunnel network that the VPN software has created, I was able to capture the test username and password.

So my questions are as follows:

  • would this be considered a leak?

  • presumably an actor were to use the Wireshark software from another network / device to capture the packets, would he/she be able to "see" the virtual connection that the VPN has created (and thus intercept decrypted packets like in case 2) or would he/she just see the outside WiFi Network and not the tunneled one (and thus only get encrypted (or even no) packets like in case 1)?

Thank you in advance for your support on this.

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted

answered 2018-07-31 13:48:08 +0000

There are so many online tools to test the VPN leaks. Here are mine results while using Surfshark:

image description

edit flag offensive delete link more

answered 2018-01-18 18:16:53 +0000

sindy gravatar image

If someone can run packet capture directly on your machine, he can do other things as well, so the mere ability to capture on a virtual interface before the packets get encrypted for transport over the physical one cannot be considered a leak by itself. Or at least there is no effective way to prevent this - the very idea of VPN tunnels is that the data transmission over physical interfaces of a machine is encrypted while the applications running on that machine send and receive the data in plaintext as they always did, but do so over the virtual interface instead of a physical one. If this is not satisfactory for the purpose, end-to-end encryption must be handled by the application itself - https would be an example of such behaviour where the cipher negotiation and encryption is done by the browser.

Not providing the capturing tap to the virtual interface would just obfuscate the fact that a malware running on the machine could read the traffic anyway if it was there, albeit it would require more effort. Providing the tap allows you to diagnose communication problems even when VPN connection is used which is sometimes helpful.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2018-01-18 15:14:04 +0000

Seen: 541 times

Last updated: Jul 31 '18